Tag Archives: half

Apple transparency report shows national security requests rising

The Apple transparency report for the second half of 2017 showed national security requests on the rise, and the number of devices included in requests is up sharply.

The latest semiannual Apple Report on Government and Private Party Requests for Customer Information detailed requests by governments around the world from July 1, 2017, through Dec. 31, 2017. According to Apple, although overall device requests are down, governments around the world have been using fewer requests to attempt to get information on far more accounts.

The Apple transparency report showed a slight year-over-year decrease in the total number of device requests received worldwide (30,184 in the second half of 2016 versus 29,718 in H2 2017), but the number of devices impacted by those requests more than doubled from 151,105 to 309,362.

Apple is not alone in receiving more government data requests; Google has reported similar increases, but Apple noted it has complied with a higher percentage of government data requests in the second half of 2017 (79%) compared to the same time period in 2016 (72%).

Apple’s transparency report shows the company has been complying with more of the government requests across multiple request types. Apple’s compliance with financial information requests was up year over year from 76% to 85%; account-based request compliance was up from 79% to 82%; and only compliance with emergency requests went down from 86% to 82%.

National security requests also rose sharply, according to the Apple transparency report. In the second half of 2016, Apple received between 5,750 and 5,999 national security requests and complied with the majority of them (between 4,750 and 4,999). In the same time period in 2017, Apple received more than 16,000 national security requests, but only provided data to the U.S. government in about half of those cases.

Richard Goldberg, principal and litigator at the law firm Goldberg & Clements in Washington, D.C., said he was struck by the large percentage of U.S. government requests made by either national security request or subpoena.

“Although Apple has challenged certain government requests aggressively in public, we don’t know how aggressive the company has been in private — which is especially relevant because these requests typically do not require a judge’s approval,” Goldberg said via email. “So the government collects this information, and it may never see the inside of a courtroom.”

Additional information

Goldberg added that the general level of detail in Apple’s transparency report is helpful, but suggested Apple “should break out administrative subpoenas from all other types.”

“Administrative subpoenas can have broad scope, because they often need only be related to something the agency is permitted to investigate, and they need not be connected to a grand jury proceeding or active litigation,” Goldberg said. “It’s a one-sided way for the government to demand information with little to no oversight, unless the recipient chooses to fight. And we don’t know how Apple makes that decision.”

According to Apple, the predominant reason for financial information requests around the world was credit card and iTunes gift card fraud, and in multiple regions — including the U.S. — a “high number of devices specified in requests [was] predominantly due to device repair fraud investigations, fraudulent purchase investigations and stolen device investigations.”

It is unclear what data in the Apple transparency report correlates to the allegedly large number of devices the FBI and other law enforcement cannot access due to encryption, nor is it clear which data in the report correlates to iCloud backup data, which Apple has previously admitted to handing over to law enforcement.

SearchSecurity contacted Apple for clarification on these issues and Apple referred to its Legal Process Guidelines, which detailed the types of data in iCloud backups that Apple would be able to provide to law enforcement, including the subscriber’s name, address, email, telephone, mail logs, email content, iMessage data, SMS, photos and contacts.

However, Apple did note in the report that it would be adding “government requests to take down Apps from the App Store in instances related to alleged violations of legal and/or policy provisions,” starting with the transparency report for the second half of 2018.

VPNFilter malware infects 500,000 devices for massive Russian botnet

On the same day researchers reported a new modular malware system that infected at least half a million networking devices, the FBI seized a key domain that served as backup for the malware’s command and control infrastructure.

The new malware, known as VPNFilter, was found to be infecting small office and home office (SOHO) routers and network-attached storage (NAS) devices from several different vendors. Researchers at Cisco Talos discovered the malware and published their preliminary results before their investigation was complete to give users a better chance at protecting their interests from an attack they believed was sponsored by or affiliated with a nation-state threat actor.

“Both the scale and the capability of this operation are concerning. Working with our partners, we estimate the number of infected devices to be at least 500,000 in at least 54 countries,” wrote Cisco Talos threat researcher William Largent in a blog post. “The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allows for theft of website credentials and monitoring of Modbus SCADA protocols.”

In addition to these threats, the researchers determined that VPNFilter also “has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.”

Cisco Talos said the VPNFilter malware “is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations.” The first stage of the malware is persistent on the internet of things devices it infects and provides a mechanism for the second stage of the malware to be deployed. Stage two of the VPNFilter malware persists only in memory and can be mitigated by rebooting the affected system, but removing the first stage of the infection is more difficult.

The primary means of delivering stage two of the VPNFilter malware is through IP addresses identified in Exchangeable Image File Format (EXIF) metadata for images stored on the Photobucket website.

Researchers determined that the VPNFilter command and control (C&C) infrastructure used a backup domain, “toknowall.com,” to deliver the second stage of malware to infected devices if the primary means of identifying the C&C server was unavailable. By sinkholing the botnet C&C server — redirecting the traffic that infected botnet devices send to the C&C controller — the FBI was able to reduce the threat from the campaign.

Justice Department steps in

Seizure of the domain was put into effect after the U.S. Attorney’s Office for the Western District of Pennsylvania obtained court orders authorizing the FBI to seize the domain used by the VPNFilter malware’s command-and-control infrastructure.

John Demers, assistant attorney general for national security, said in the Justice Department announcement that “This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

The Justice Department attributed the attack to the Sofacy Group, which is also known as APT28, Pawn Storm, Fancy Bear and other aliases.

About the VPNFilter malware

Cisco Talos reported that devices from several vendors were affected by VPNFilter, including Linksys, MikroTik, NETGEAR and TP-Link SOHO routers and networking equipment, as well as QNAP network-attached storage (NAS) devices.

The researchers cited the resemblance of the malware to the BlackEnergy malware that targeted devices in Ukraine in previous campaigns, and indications that the new malware was attacking systems in Ukraine at “an alarming rate” with a C&C infrastructure “dedicated to that country.”

Cisco Talos recommended that device owners reboot their devices, reset them to factory settings, and download and install the most recent patches for the devices. The Justice Department noted that while “devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure.”

Xiaomi Air 13

Looking to spend around £500, already own one but the other half now wants one.

What have you got?

Thanks.

Location: Suffolk


Crucial DDR4 2133 8GB

I have had this in my PC for about a year and a half and am upgrading to some 16GB Corsair LPX so I no longer have any need for this.

Has worked with no issues in my PC.

Price and currency: £50
Delivery: Delivery cost is included within my country
Payment method: PayPal or BT
Location: London
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference…
